General

  • Target

    16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f

  • Size

    493KB

  • Sample

    220608-3b8tfsafh5

  • MD5

    7e12831b97ad63445fc0e9173b98b4b0

  • SHA1

    36adafaafea6740027beef8d8f6d762ede47203d

  • SHA256

    16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f

  • SHA512

    44d6f4d58712f45838627cc8bde00e63b52d9c2bc9bc45ffa6963725f6b26ab307e61d40c469bc10a657d84137e62ad8ee861744f0208ba0bdef9d8f2bd97f9f

Malware Config

Extracted

Family

gozi_ifsb

Attributes

  • build

    214963

Targets

    • Target

      16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f

    • Size

      493KB

    • MD5

      7e12831b97ad63445fc0e9173b98b4b0

    • SHA1

      36adafaafea6740027beef8d8f6d762ede47203d

    • SHA256

      16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f

    • SHA512

      44d6f4d58712f45838627cc8bde00e63b52d9c2bc9bc45ffa6963725f6b26ab307e61d40c469bc10a657d84137e62ad8ee861744f0208ba0bdef9d8f2bd97f9f

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks